letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
main
pn-new-crm/tests/integration/documenso-webhook-route.test.ts
Matt 4b5f85cb7d fix(audit): comprehensive 2026-05-15 audit fix wave + Documenso v2 polish 
Bundles the prior session's 50-task fix sweep (Documenso v2 + EOI/signing-
progress redesign + env-to-admin migration + dev-mode banner) with the
2026-05-18 audit fix wave (3 CRITICAL, 14 HIGH, 28 MEDIUM, 6 LOW).

CRITICAL (3):
 - C-01 interest-berths INNER JOIN -> LEFT JOIN so hard-deleted berths
   no longer silently drop interest links
 - C-02 /setup added to PUBLIC_PATHS; fresh-deploy bootstrap loop fixed
 - C-03 generic PATCH /interests/[id] no longer accepts pipelineStage —
   callers must go through /stage with the override-guard chain

HIGH (14/15):
 - H-01 explicit ON DELETE on previously-implicit NO ACTION FKs across
   interests/documents/reservations/reminders/invoices (migration 0070)
 - H-02 login page reads ?redirect= param with same-origin guard
 - H-03 CRM invite token moves to URL fragment so it never lands in
   nginx access logs / Referer headers
 - H-04 Retry-After header on sign-in-by-identifier 429 (RFC 6585 §4)
 - H-05 toggleAccount writes an audit row
 - H-06 upsertSetting masks any value whose key ends with _encrypted
 - H-07 archiveClient cascade fires per-interest audit rows
 - H-08 createSalesTransporter applies SMTP_TIMEOUTS
 - H-09 AppShell stable children — viewport flip across breakpoint no
   longer destroys in-progress form drafts
 - H-10 portal documents page swaps Unicode glyph status icons for
   Lucide CheckCircle2/XCircle/Circle + aria-labels
 - H-12 list components swap alert(...) for toast.warning(...)
 - H-13 5 icon-only buttons gain aria-label
 - H-14 parseBody treats empty bodies as {}
 - H-15 admin layout renders a 403 panel instead of silent bounce
 - H-11 not applicable — mobile-search-overlay IS a mobile bottom-sheet

MEDIUM (28+):
 - M-MT01-05 defense-in-depth port_id/parent-id filters on UPDATE/DELETE
   WHEREs across custom-fields, notes (all 6 entity types x update +
   delete), client-contacts, yacht ownerClient lookup, webhook reads
 - M-D01 documents-hub realtime event-name typo (file:created -> uploaded)
 - M-EM01 portal-auth emails thread through portId
 - M-EM02 sendEmail accepts cc/bcc params
 - M-EM04 notification_digest catalog key
 - M-IN01 portal presigned download URLs use 4h TTL
 - M-IN02 OpenAI client lazy-instantiated
 - M-IN04 stale pdfme refs updated to pdf-lib AcroForm
 - M-IN05 umami.testConnection returns tagged union
 - M-L01 reservations tenure_type unified with berths
 - M-L02 report-generators canonicalize stage values
 - M-AU01 audit log placeholder copy fixed
 - M-AU04 outcome_set / outcome_cleared distinct audit verbs
 - M-NEW-2 activity feed entity name+type separator
 - M-R01 portal allowlist narrowed + portal_session backstop in proxy
 - M-SC02 companies archived partial index
 - M-SC04 audit_logs.searchText documented as DB-managed
 - M-S01 storage_s3_access_key_encrypted admin field
 - M-U01 audit log empty state uses <EmptyState>
 - M-U09 invoice delete dialog -> <AlertDialog>
 - M-U10 toast.success on ClientForm + InterestForm create/edit
 - M-U11 settings-form-card logo preview alt text
 - M-U14 mobile topbar title on clients/yachts/interests/berths
 - M-U15 Invoices in mobile More-sheet

LOW (6/8):
 - L-AU01 severity defaults for security-relevant verbs
 - L-AU02 +13 missing actions in admin audit filter
 - L-AU03 +7 missing entity types in admin audit filter
 - L-AU04 dead listAuditLogs stubbed
 - L-D02 CLAUDE.md Owner-wins chain tightened

Bonus — Document detail polish (#67 partial, 3/6 deliverables):
 - state-aware action button per signer
 - watcher Add UI with display-name resolution
 - cleanSignerName cleanup

Prior session work bundled in:
 - Documenso v2 webhook + envelope-ID normalization + sequential signing
 - SigningProgress UI redesign (avatars, per-signer state, timestamps)
 - env->admin settings registry + RegistryDrivenForm + encrypted creds
 - Embedded-signing card + Test connection + setup help
 - Dev-mode EMAIL_REDIRECT_TO banner
 - Pipeline rules admin page
 - Sales email config card
 - Audit log details Sheet
 - EOI tab: Finalising badge, absolute timestamps, sequential indicator
 - Notes pipeline_stage_at_creation (migration 0069)
 - Documenso numeric ID dual-key webhook (migration 0068)
 - Dimensions criterion copy (migration 0067)

Tests: 1374/1374 vitest pass. tsc clean. lint clean.

See docs/AUDIT-FIX-WAVE-2026-05-18.md for the full progress report and
the user-input items still pending.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 13:28:50 +02:00

230 lines
7.3 KiB
TypeScript
Raw Permalink Blame History

/**
* Tests for the Documenso webhook receiver route at
* `src/app/api/webhooks/documenso/route.ts`.
*
* The receiver was previously only covered indirectly: the unit test
* `webhook-event-map.test.ts` validates the static event-name map, and
* `documents-expired-webhook.test.ts` calls handlers directly. Neither
* exercised the route's auth, dedup, dispatch loop, or 200-on-failure
* envelope. This file fills that gap.
*
* Refs: docs/audit-comprehensive-2026-05-05.md HIGH §19 (auditor-J Issue 2).
*/
import { describe, it, expect } from 'vitest';
import { eq } from 'drizzle-orm';
import { NextRequest } from 'next/server';
import { POST as documensoWebhook } from '@/app/api/webhooks/documenso/route';
import { db } from '@/lib/db';
import { documents, documentEvents } from '@/lib/db/schema/documents';
import { interests } from '@/lib/db/schema/interests';
import { systemSettings } from '@/lib/db/schema/system';
import { encrypt } from '@/lib/utils/encryption';
import { makeClient, makePort } from '../helpers/factories';
/**
* Seed a per-port webhook secret on the freshly-created test port and
* return both the port + the plaintext secret. The receiver iterates
* per-port secrets BEFORE the env fallback, so without this seed
* `listDocumensoWebhookSecrets()` resolves the matched port to whichever
* other port happens to share the env value (e.g. the dev `port-amador`
* row that ships with the .env example). Each test gets a unique
* secret so cross-test pollution can't happen either.
*/
async function seedWebhookSecret(portId: string): Promise<string> {
const secret = `test-webhook-${portId.slice(0, 8)}-${Date.now()}`.padEnd(48, 'x').slice(0, 48);
const envelope = JSON.parse(encrypt(secret));
await db.insert(systemSettings).values({
portId,
key: 'documenso_webhook_secret',
value: envelope,
});
return secret;
}
function buildRequest(body: Record<string, unknown>, secret: string): NextRequest {
return new NextRequest('http://localhost:3000/api/webhooks/documenso', {
method: 'POST',
headers: {
'content-type': 'application/json',
'x-documenso-secret': secret,
},
body: JSON.stringify(body),
});
}
describe('Documenso webhook route', () => {
it('returns 200 with ok:false when the secret header is missing or wrong', async () => {
const req = buildRequest(
{ event: 'DOCUMENT_SIGNED', payload: { id: 'abc', recipients: [] } },
'wrong-secret',
);
const res = await documensoWebhook(req);
expect(res.status).toBe(200);
const body = await res.json();
expect(body).toMatchObject({ ok: false });
});
it('with a valid secret + DOCUMENT_SIGNED writes a documentEvents row', async () => {
const port = await makePort();
const secret = await seedWebhookSecret(port.id);
const client = await makeClient({ portId: port.id });
const documensoId = `docu-test-${Date.now()}`;
const [doc] = await db
.insert(documents)
.values({
portId: port.id,
clientId: client.id,
documentType: 'eoi',
title: 'Webhook test EOI',
status: 'sent',
documensoId,
createdBy: 'seed',
})
.returning();
const req = buildRequest(
{
event: 'DOCUMENT_SIGNED',
payload: {
id: documensoId,
recipients: [{ email: 'signer@test.invalid', signingStatus: 'SIGNED' }],
},
},
secret,
);
const res = await documensoWebhook(req);
expect(res.status).toBe(200);
const events = await db
.select()
.from(documentEvents)
.where(eq(documentEvents.documentId, doc!.id));
expect(events.length).toBeGreaterThanOrEqual(1);
});
it('DOCUMENT_COMPLETED for a reservation_agreement stamps reservationDocStatus on the linked interest', async () => {
const port = await makePort();
const secret = await seedWebhookSecret(port.id);
const client = await makeClient({ portId: port.id });
const [interest] = await db
.insert(interests)
.values({
portId: port.id,
clientId: client.id,
pipelineStage: 'reservation',
})
.returning();
const documensoId = `docu-resv-${Date.now()}`;
await db.insert(documents).values({
portId: port.id,
clientId: client.id,
interestId: interest!.id,
documentType: 'reservation_agreement',
title: 'Reservation webhook test',
status: 'sent',
documensoId,
createdBy: 'seed',
});
const req = buildRequest(
{
event: 'DOCUMENT_COMPLETED',
payload: { id: documensoId, recipients: [] },
},
secret,
);
const res = await documensoWebhook(req);
expect(res.status).toBe(200);
const [updated] = await db.select().from(interests).where(eq(interests.id, interest!.id));
expect(updated?.reservationDocStatus).toBe('signed');
expect(updated?.dateReservationSigned).not.toBeNull();
});
it('DOCUMENT_COMPLETED for a contract stamps contractDocStatus on the linked interest', async () => {
const port = await makePort();
const secret = await seedWebhookSecret(port.id);
const client = await makeClient({ portId: port.id });
const [interest] = await db
.insert(interests)
.values({
portId: port.id,
clientId: client.id,
pipelineStage: 'contract',
})
.returning();
const documensoId = `docu-contract-${Date.now()}`;
await db.insert(documents).values({
portId: port.id,
clientId: client.id,
interestId: interest!.id,
documentType: 'contract',
title: 'Contract webhook test',
status: 'sent',
documensoId,
createdBy: 'seed',
});
const req = buildRequest(
{
event: 'DOCUMENT_COMPLETED',
payload: { id: documensoId, recipients: [] },
},
secret,
);
const res = await documensoWebhook(req);
expect(res.status).toBe(200);
const [updated] = await db.select().from(interests).where(eq(interests.id, interest!.id));
expect(updated?.contractDocStatus).toBe('signed');
expect(updated?.dateContractSigned).not.toBeNull();
});
it('replays of the same body are no-ops (signatureHash dedup)', async () => {
const port = await makePort();
const secret = await seedWebhookSecret(port.id);
const client = await makeClient({ portId: port.id });
const documensoId = `docu-dedup-${Date.now()}`;
const [doc] = await db
.insert(documents)
.values({
portId: port.id,
clientId: client.id,
documentType: 'eoi',
title: 'Dedup test EOI',
status: 'sent',
documensoId,
createdBy: 'seed',
})
.returning();
const body = {
event: 'DOCUMENT_OPENED',
payload: {
id: documensoId,
recipients: [{ email: 'opener@test.invalid', readStatus: 'OPENED' }],
},
};
await documensoWebhook(buildRequest(body, secret));
await documensoWebhook(buildRequest(body, secret));
const events = await db
.select()
.from(documentEvents)
.where(eq(documentEvents.documentId, doc!.id));
// The route's `handleDocumentOpened` writes an event with type
// `'viewed'`. One row from the first call; the second should have
// been refused by the signatureHash dedup guard.
const viewedEvents = events.filter((e) => e.eventType === 'viewed');
expect(viewedEvents.length).toBe(1);
});
});
Reference in New Issue View Git Blame Copy Permalink